I wrote a function for a login script. I tested the function and it’s working but when I include it on my website it’s not working. I’m not sure what I’m doing wrong. What do you guys think?
Thanks Everyone.
syntax for function
function loggeduser($name, $password){
    $name = mysql_real_escape_string($name);
    $password = mysql_real_escape_string($password);
    $password = sha1($password);
    // getting the ID here
    $sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");
    while($row = mysql_fetch_array($sql_id)){
        $id = $row["id"];
    }
    $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'");
    $result = mysql_query($sql) or die(mysql_error());
    $count= mysql_num_rows($result);
    if ($count == 1){
        $_SESSION['authorized'] = true;
        $_SESSION['id']; // <-- not sure if I need this?
        $_SESSION['password'] = $password;
        $_SESSION['name'] = $name;
        header("location:userspage.php");
        /* echo 'This is the password = '."$password =>".'Don\'t make a session password variable, that\'s very stupid. I\'m doing this for testing purposes.'.'<br>';
        echo 'This is the name = '."$name <br>";
        echo "If I'm seeing this I think I did it right <br>"; */
    } else {
        echo "Wrong username and password <br>";
    }
}
login script
<?php
session_start();
include"connect_to_mysql3.php";
$loggedinuser = $_SESSION["id"];
$name = $_SESSION["name"];
// include 'edit-car-function-for-login.php';
if (isset( $_POST['name'], $_POST['password'] )){
    $name = $_POST['name'];
    $password = $_POST['password'];
    $password = sha1($password);
    $name = mysql_real_escape_string($name);
    $password = mysql_real_escape_string($password);
    $sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");
    while($row = mysql_fetch_array($sql_id)){
        $id = $row["id"];
    }
    $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'");
    $result = mysql_query($sql);
    $count=mysql_num_rows($result);
    if($count==1){
        $_SESSION["name"] = $name;
        $_SESSION["id"] = $id;
        header("location:userspage.php");
    } else {
        echo "Wrong Username and Password.";
    }
}
Presumably this is only a small part of the overall script as you haven’t shown any of the validation of the user or hashing of the password. You are also missing a whole range of other things that are needed in order to set up a login system - such as the pages for requesting to have a new temporary password emailed to you and one for confirming your email address before allowing the login to proceed.
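An added example, not code from either post: the same lookup against the `practice` table written with PDO prepared statements and `password_hash()`/`password_verify()` in place of `mysql_*` and `sha1()`, keeping the password out of the session. It assumes the `password` column stores `password_hash()` output; the function name `logged_user`, the in-memory SQLite database and the sample row are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names come from the post; the rest is assumed.
function logged_user(PDO $db, string $name, string $password): bool
{
    // Computed once so an unknown name costs the same hash check as a known one.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Bound parameter instead of mysql_real_escape_string() plus interpolation.
    $stmt = $db->prepare('SELECT id, name, password FROM practice WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: practice.password holds password_hash() output, not sha1().
    $ok = password_verify($password, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return false;
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once authenticated
    }
    // Only the identity goes into the session, never the password or its hash.
    $_SESSION['authorized'] = true;
    $_SESSION['id'] = (int) $row['id'];
    $_SESSION['name'] = $row['name'];
    return true;
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE practice (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO practice (name, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$_SESSION = [];
var_dump(logged_user($db, 'alice', 'correct horse'));
var_dump(logged_user($db, 'alice', 'wrong password'));
var_dump(logged_user($db, 'nobody', 'correct horse'));
// In the page itself: call session_start() first, and on true send
// header('Location: userspage.php'); followed by exit;
```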